Bottom Line

The Skycure app provides free protection against network threats for your iPhone, but it's not the set-it-and-forget-it solution most people expect.

8 Jul 2014, Max Eddy

Security wonks and paranoids often warn about networking attacks, where bad guys can see everything you do online and take control of your browser. But most of these network attacks are subtle and go unnoticed by victims. How are you supposed to protect yourself against what you can't see? That's the problem Skycure aims to solve with its free iPhone app.

Once activated, Skycure quietly probes every wireless network to which your phone connects, searching for potentially dangerous activity. This isn't about viruses or worms infesting your phone; this is about making sure that the data you send and receive is coming from and going to the right places.

Starting Up

When you start up the app for the first time, you are prompted to enter your email address for verification purposes. We were briefly confused by the fact that you must tap a URL emailed by Skycure directly from the phone you're enrolling; you can't do it from a desktop or another mobile device. Most apps don't require that you use a specific device to respond to confirmation messages. It's a minor wrinkle; beyond that, setup is a breeze.

Once it's running, Skycure tests each wireless network with which your phone connects. Skycure compares what it sees to a massive database of known attacks, malicious networks, and suspicious behaviors. Skycure does this in real time, which means that the app generates network traffic and uses some battery power in the process. Company representatives assure us that using Skycure has significantly less impact on battery life than making a phone call. Our testing tended to bear this out; we didn't notice any drastic battery drains.

Skycure keeps it simple by packing all the important information onto a single page in the app. If you've never encountered a dangerous network, congratulations! You'll see a message that says "No Incidents." The app also shows another message, reminding you to keep Skycure running.

This might seem a little odd, since most of us are used to simply switching on our security software and then ignoring it. But the technical limitations of iOS mean that Skycure can only do its work while the app is running. Skycure does not need to be "in focus" (that is, on the screen) to operate, but if you shut it down from the task manager your protection ends. It's an unfortunate drawback, but one that I don't see changing unless iOS loosens up—which seems doubtful. Perhaps with iOS 8?

There is an additional Advanced Options page that, confusingly, includes a toggle to enable Auto Protection. This is a rather misleading vestigial feature from the enterprise version of the app, which is available for a fee and includes advanced features like mobile device management tools. Free users will not be able to activate this feature, and Skycure needs to make that clearer.

Skycure in Action

In order to simulate an attack, a representative from the company launched three separate attacks on our iPhone 5c. This included a man-in-the-middle attack, SSL stripping, and a malicious profile attack—identical to the one featured in "Skycure Hacked My iPhone To Prove They Can Protect It." The first two attacks required that we connect to a malicious Wi-Fi network, while the third used a social engineering website to trick us into installing a malicious mobile device management profile. We went ahead and installed the profile to see what would happen.

This attack is a particularly nasty one. In the demonstration, Skycure's engineers were able to see our browsing activity in real time, capture our login information sent through secure apps and websites, and even redirect our browser to websites of their choosing. All of that happened while we were connected to a secure Wi-Fi network we controlled.

While the demo from Skycure was pretty impressive, we like to do things ourselves here at PCMag. First, we looked at what happens if we tricked the iOS device into connecting to a network with the same name as one it had connected to previously. The test itself was simple, as we created a second Wi-Fi network with the same name as one of our test networks. When we connected to the second network, we expected Skycure to warn us that we were not on the right hotspot. Turns out Skycure waits for actual malicious activity to occur before issuing any alerts, in order to cut down on false alarms. Fair enough. This just meant we had to attack ourselves.

Enter the PwnPad from penetration testing experts Pwnie Express. The PwnPad comes with several nifty tools to set up malicious access points, socially engineer users, and launch other network attacks. First, we created a rogue access point with the same name as our test network using the EvilAP penetration testing tool. As was the case with our earlier test, Skycure didn't display any warnings.

We then launched "SSL Strip" from the PwnPad to hijack all HTTP traffic. The victim thinks the Web session is secured by HTTPS, but SSL Strip forces the session to HTTP, which means all the information being entered (such as passwords) is now transmitted in the clear. Connecting to EvilAP didn't trigger any Skycure warnings, but as soon as we tried accessing sites while running SSL Strip on the PwnPad, Skycure detected the man-in-the-middle attack.
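As an added illustration (not code from this review and not Skycure's actual detection method), the sketch below shows one way a probe-based checker could spot the downgrade described above: it compares the response to a plain-HTTP request seen on the current network with a baseline recorded over a trusted path. The host `bank.example`, the response dictionaries, and the function names are all constructed for the example.

```python
import re
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 307, 308)
URL_ATTR = re.compile(r'''(?:href|action|src)\s*=\s*["']([^"']+)["']''', re.I)

def _links(body):
    """Absolute http(s) URLs referenced by href/action/src attributes."""
    return {u for u in URL_ATTR.findall(body)
            if urlsplit(u).scheme in ("http", "https")}

def _sans_scheme(url):
    p = urlsplit(url)
    return (p.netloc.lower(), p.path or "/", p.query)

def stripping_indicators(baseline, observed):
    """Compare the response to a plain-HTTP probe on the network under test
    with a baseline for the same request recorded over a trusted path.
    Responses are dicts with status (int), headers (dict) and body (str)."""
    findings = []
    b_loc = baseline["headers"].get("Location", "")
    o_loc = observed["headers"].get("Location", "")
    # The site normally upgrades HTTP to HTTPS; check the upgrade survived.
    if baseline["status"] in REDIRECTS and b_loc.startswith("https://"):
        if observed["status"] not in REDIRECTS:
            findings.append("redirect-removed")
        elif (o_loc.startswith("http://")
              and _sans_scheme(o_loc) == _sans_scheme(b_loc)):
            findings.append("redirect-downgraded")
    # Links served as https:// on the trusted path but as http:// here.
    secure = {_sans_scheme(u) for u in _links(baseline["body"])
              if u.startswith("https://")}
    for u in _links(observed["body"]):
        if u.startswith("http://") and _sans_scheme(u) in secure:
            findings.append("link-downgraded:" + u)
    return sorted(findings)

# Constructed sample responses (bank.example is a placeholder host).
BASELINE_REDIRECT = {"status": 301, "body": "",
                     "headers": {"Location": "https://bank.example/login"}}
BASELINE_PAGE = {"status": 200, "headers": {}, "body":
    '<form action="https://bank.example/session"></form>'
    '<a href="https://bank.example/help">Help</a>'}
STRIPPED_PAGE = {"status": 200, "headers": {}, "body":
    BASELINE_PAGE["body"].replace("https://", "http://")}

if __name__ == "__main__":
    print(stripping_indicators(BASELINE_REDIRECT, STRIPPED_PAGE))
    print(stripping_indicators(BASELINE_PAGE, STRIPPED_PAGE))
```

An empty result only means these two indicators were absent; a rogue access point that merely relays traffic produces no finding, which matches the behavior seen in the EvilAP test.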

With each attack detected, Skycure sends a push notification, adds a badge number to the app icon, and pulls up a security warning within the app. That's the most you can expect, short of an OS-level alert. Within the app, Skycure created an entry for each of our testing threats with a brief description of what was going on. Each attack generates its own message, even attacks that originate from the same network. For example, we launched the man-in-the-middle and SSL stripping attacks simultaneously from the same network, but they appeared as two separate entries in Skycure.

This running list of all the attacks you've encountered is very handy for later reference. If you discover some stray charges on your credit card, for example, you might correlate them with the time Skycure detected suspicious activity on your coffee shop's free Wi-Fi. If you encounter the same attack on the same network, Skycure updates the date. Future attacks, and different malicious networks, are recorded separately.

To our surprise, the attack descriptions are fairly, well, descriptive. Skycure reported the type of attack, told us which network launched the attack, and offered suggestions on how to keep our phone safe. That's an impressive level of detail, but it's less clear if Skycure will be so exacting when it encounters something completely novel.

The advice the app provides is also useful and effective. When it detects a malicious profile, the app gives step-by-step directions for removing it. For our malicious network attacks, the app suggested that we disconnect from Wi-Fi and use our cellular network instead. That said, it still requires the user to take action, and that's a potential point of failure. Again, the limitations of iOS mean that Skycure can't automatically disconnect you from a suspicious network, which would be more powerful protection.

Clear Skies

In our SecurityWatch posts, we often remind readers to avoid free wireless networks, but the temptation is always present. As cities begin to roll out more and more municipal Wi-Fi networks, that advice might not be practical much longer. Sure, using a VPN service would likely prevent the problem, but that's probably beyond the average user. That's why I'm very happy to see a solution like Skycure on iPhone. It gives peace of mind and unique protection for our increasingly wireless lives.

But while we really like the protection Skycure provides, we're frustrated by the technical limitations within iOS that keep Skycure from being more automated. That's a small price to pay for peace of mind, however, especially for frequent users of public, hotel, or coffee-shop Wi-Fi networks.

About the Author

Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. When not polishing his tinfoil hat or plumbing the depths of the Dark Web, he can be found working to discern the 100 Best Android Apps.

Prior to PCMag, Max wrote for the International Digital Times, The International Science Times, and The Mary Sue. He has also been known to write for Geek.com. You can follow him on Twitter at @wmaxeddy.